Re: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761]

[Randy <amps () djlab com>]

Ignore my noise, I don't think there was new activity today (although 
something weird def. happened).   BGPmon list was sorted by wrong column 
and I mixed the dates up.   Although it's still showing as active since 
march which I thought said provider resolved...

On 03/26/2015 8:26 pm, ML wrote:
> Wouldn't it be a BCP to set no-export from the Noction device too?
>
>
> On 3/26/2015 6:20 PM, Nick Rose wrote:
> > Several people asked me off list for more details, here is what I have 
> > regarding it.
> >
> > This morning a tier2 isp that connects to our network made an error in 
> > their router configuration causing the route leakage. The issue has 
> > been addressed and we will be performing a full post mortem to ensure 
> > this does not happen again.
> > While investigating the issue we did find that the noction appliance 
> > stopped advertising the no export community string with its 
> > advertisements which is why certain prefixes were also seen.
> >
> > Regards,
> > Nick Rose
> > CTO @ Enzu Inc.
> >
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Nick Rose
> > Sent: Thursday, March 26, 2015 3:49 PM
> > To: amps () djlab com; Peter Rocca
> > Cc: nanog () nanog org
> > Subject: RE: More specifics from AS18978 [was: Prefix hijack by 
> > INDOSAT AS4795 / AS4761]
> >
> > This should be resolved from AS18978. If you experience anything else 
> > please let me know and I will get it addressed immediately.
> >
> > Regards,
> > Nick Rose
> > CTO @ Enzu Inc.
> >
> > -----Original Message-----
> > From: NANOG [mailto:nanog-bounces () nanog org] On Behalf Of Randy
> > Sent: Thursday, March 26, 2015 12:14 PM
> > To: Peter Rocca
> > Cc: nanog () nanog org
> > Subject: RE: More specifics from AS18978 [was: Prefix hijack by 
> > INDOSAT AS4795 / AS4761]
> >
> > On 03/26/2015 9:00 am, Peter Rocca wrote:
> > > +1
> > >
> > > The summary below aligns with our analysis as well.
> > >
> > > We've reached out to AS18978 to determine the status of the leak but
> > > at this time we're not seeing any operational impact.
> > +2, after the morning coffee sunk in and helpful off list replies I 
> > can
> > finally see it's probably not INDOSAT involved at all.
> >
> > FYI, the more specifics are still active:
> >
> > 2015-03-26 13:56:11     Update  AS4795  ID      198.98.180.0/23 4795 4795 4761
> > 9304 40633 18978 6939 29889     Active
> > 2015-03-26 13:56:11     Update  AS4795  ID      198.98.182.0/23 4795 4795 4761
> > 9304 40633 18978 6939 29889     Active
> >
> > --
> > ~Randy